
US9674165B2 - Efficient key derivation with forward secrecy - Google Patents

Info

Publication number
US9674165B2
Authority
US
United States
Prior art keywords
master key
instructions
value
key
session
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active, expires
Application number
US14/724,315
Other versions
US20160352706A1 (en)
Inventor
Michael Michel Patrick Peeters
Rudi VERSLEGERS
Dimitri Warnez
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NXP BV
Original Assignee
NXP BV
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by NXP BV
Priority to US14/724,315 (patent US9674165B2)
Assigned to NXP B.V.: assignment of assignors interest (see document for details). Assignors: PEETERS, MICHAEL; Warnez, Dimitri; VERSLEGERS, Rudi
Priority to EP16169448.4A (patent EP3099003B1)
Priority to CN201610330358.XA (patent CN106209352B)
Publication of US20160352706A1
Application granted
Publication of US9674165B2
Legal status: Active (current)
Adjusted expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords

Definitions

  • Various embodiments described herein attempt to provide forward secrecy for secured communications by periodically altering the master key and discarding all old versions of the master key. Both parties to a communication alter the master key in the same way, such that renegotiation of the master key need not be performed; instead, both devices modify the master key according to the same protocol and therefore always hold the same version of the master key. In this way, even if the current master key is compromised, the attacker does not have access to previous versions of the master key and therefore may not be able to decrypt previously-intercepted communications.
  • FIG. 1 illustrates an example of a hardware system 100 for performing secure communications.
  • the hardware system 100 may be virtually any device that communicates using an encrypted protocol.
  • the device 100 includes a processor 120, memory 130, secure element 140, network interface 150, and storage 160 interconnected via one or more system buses 110.
  • FIG. 1 constitutes, in some respects, an abstraction and that the actual organization of the components of the device 100 may be more complex than illustrated.
  • the processor 120 may be any hardware device capable of executing instructions stored in memory 130 or storage 160 or otherwise processing data.
  • the processor may include a microprocessor, field programmable gate array (FPGA), application-specific integrated circuit (ASIC), or other similar devices.
  • the memory 130 may include various memories such as, for example L1, L2, or L3 cache or system memory. As such, the memory 130 may include static random access memory (SRAM), dynamic RAM (DRAM), flash memory, read only memory (ROM), or other similar memory devices.
  • the secure element 140 may be a device for performing secured functions such as, for example, storing secret information or performing cryptographic processing.
  • the secure element 140 may include hardware such as a processor, a memory, and an interface to the bus 110.
  • the rest of the hardware device 100 may be referred to as a host device to the secure element.
  • the secure element 140 and processor 120 both implement a session key derivation method, such as one of the examples described herein, to enable secure communications therebetween.
  • only one of the secure element 140 and processor 120 may implement such a method along with another external device which is accessible via the network interface.
  • the network interface 150 may include one or more devices for enabling communication with other hardware devices.
  • the network interface 150 may include a network interface card (NIC) configured to communicate according to the Ethernet protocol.
  • the network interface 150 may implement a TCP/IP stack for communication according to the TCP/IP protocols.
  • the network interface may include a near-field communication (NFC) chip, 3G chip, or 4G chip along with appropriate antennas to enable wireless communications.
  • the storage 160 may include one or more machine-readable storage media such as read-only memory (ROM), random-access memory (RAM), magnetic disk storage media, optical storage media, flash-memory devices, or similar storage media.
  • the storage 160 may store instructions for execution by the processor 120 or data upon which the processor 120 may operate.
  • the storage 160 may store a base operating system 161 for controlling various basic operations of the hardware 100 and multiple applications 162 for performing various functions on behalf of the user.
  • the applications 162 may include a web browser, a music player, or a wireless payment application (or a non-secured portion thereof, with the secured portion residing on the secure element 140).
  • the storage 160 also stores a master key 163 and multiple session keys 164 .
  • the initial value of the master key 163 is pre-configured as stored in the storage 160 at the time of device manufacturing while in other embodiments the initial value of the master key 163 is negotiated between two devices according to an appropriate key exchange protocol.
  • the storage 160 includes master key exchange instructions 165 that transmit a master key value to or receive a master key value from another device.
  • the storage 160 also includes encryption instructions 166 such as, for example, an AES implementation that can be used in conjunction with the session keys 166 to encrypt communications.
  • the storage 160 includes session key generation instructions 167 .
  • the session key generation instructions 167 also include master key modification instructions 168 that periodically alter the master key 163 value.
  • the master key modification instructions 168 may generate a new master key value and subsequently delete the current master key value by, for example, overwriting the current master key value with the new master key value or other data or by freeing an area in memory storing the current master key value.
  • the memory 130 may also be considered to constitute a “storage device” and the storage 160 may be considered a “memory.” Various other arrangements will be apparent. Further, the memory 130 and storage 160 may both be considered to be “non-transitory machine-readable media.” As used herein, the term “non-transitory” will be understood to exclude transitory signals but to include all forms of storage, including both volatile and non-volatile memories.
  • the various components may be duplicated in various embodiments.
  • the processor 120 may include multiple microprocessors that are configured to independently execute the methods described herein or are configured to perform steps or subroutines of the methods described herein such that the multiple processors cooperate to achieve the functionality described herein.
  • the various hardware components may belong to separate physical systems.
  • the processor 120 may include a first processor in a first server and a second processor in a second server.
  • FIG. 2 illustrates a first example of a method 200 for generating session keys and a new master key.
  • the method 200 may correspond to the session key generation instructions 167 of FIG. 1.
  • the method 200 utilizes a current master key 210 to generate two session keys 240, 242.
  • the method 200 encrypts two constants 220, 222 using an AES encryption algorithm (e.g., in ECB mode applied to one block) 230, 232 and the current master key 210.
  • the constants 220, 222 may be any values that two implementations of the method 200 agree will be used for generation of the session keys 240, 242.
  • these constants 220, 222 may be pre-configured literal values, agreed-upon variables, or a combination thereof.
  • “CST_A” 220 may be a counter value appended to a device identifier
  • “CST_B” 222 may be a current time (e.g., the current hour and minute) appended to the device identifier. It will be apparent that virtually any value may be used as a constant 220, 222 as long as both parties to the communication are agreed as to which values will be used. In various embodiments, the selected constants need not be kept secret.
  • session keys 240, 242 may be used as part of ordinary cryptographic operations 260 performed by the operating system or applications.
  • the session keys 240, 242 may be used by other AES processes 264, 274 to encrypt plaintext 262, 272 for transmission to another device as ciphertext 266, 276 (or to decrypt ciphertext 266, 276 into usable plaintext 262, 274).
  • additional session keys (not shown) may be generated in similar, agreed-upon manners.
  • the method 200 generates a new master key 212 to replace the current master key 210 by combining the two session keys 240, 242.
  • the session keys are combined using an exclusive or (XOR) operation 250.
  • other combination functions may be used such as a not-and (NAND) operation, encryption of one session key using another, or any other transformative function.
  • more than two session keys may be combined to form the new master key value 212. For example, four session keys may be XOR'ed together to produce a single master key value.
  • After the new master key value 212 is generated, it replaces the old master key value 210.
  • the method may overwrite a master key variable or space in memory with the new value 212, thereby deleting the old master key value 210.
  • the method 200 provides forward secrecy. It will be appreciated that the method 200 may be executed periodically to refresh the session keys 240, 242 and, as such, the value of the master key may periodically change.
  • an attacker that has compromised the session keys 240, 242 may generate the next master key 212 and, as such, may be able to generate each new session key in the future.
  • various implementations may also utilize the old value of the master key in generating the new master key; as such, the attacker would also have to compromise the old value of the master key, which is generally protected using different, and often more stringent, techniques from those used to protect the session key.
  • FIG. 3 illustrates a second example of a method 300 for generating session keys and a new master key.
  • the method 300 may correspond to the session key generation instructions 167 of FIG. 1.
  • the method 300 is largely similar to the previous example method 200.
  • a master key 310 is used to encrypt 330, 332 agreed-upon constants 320, 322 to produce session keys 340, 342.
  • the session keys 340, 342 may then be used for secure communication operations 360 by the OS or applications to, for example, encrypt 364, 374 plaintext communications 362, 372 to produce encrypted communications 366, 376 (or to perform the reverse process of decryption).
  • the method 300 combines the old master key value 310 with one or more of the session keys 340, 342. As shown, the master key 310 is combined with a first session key 340 via an XOR operation 350, the result of which is then combined with a second session key 342 via another XOR operation 352. As before, fewer or additional session keys may be utilized and alternative or additional combination techniques may be used.
  • FIG. 4 illustrates a third example of a method 400 for generating a session key and a new master key.
  • the method 400 may correspond to the session key generation instructions 167 of FIG. 1. As shown, the method is similar to the previous example method 300.
  • the method 400 uses a master key 410 to encrypt 430 an agreed-upon constant 420 to produce a session key 440.
  • the session key 440 may then be used for secure communication operations 460 by the OS or applications to, for example, encrypt 464 plaintext communications 462 to produce encrypted communications 466 (or to perform the reverse process of decryption).
  • the method 400 combines the old master key value 410 with one session key 440.
  • the combination operation is an XOR 450.
  • fewer or additional session keys may be utilized and alternative or additional combination techniques may be used.
  • the third example method 400 is similar to the second example method 300 with the difference that the new master key 412 may be generated using only a single session key (and the old value for the master key).
  • the method 400 may be used to modify the master key after generation of each new session key.
  • the method 400 may only be used to modify the master key when a session key for a specific function is generated. For example, if an implementation generates different session keys for encryption and authentication, the method 400 may only be used to change the master key whenever the session key for the encryption task (and not for the authentication task) is generated.
  • FIG. 5 illustrates a fourth example of a method 500 for generating a session key and a new master key.
  • the method 500 may correspond to the session key generation instructions 167 of FIG. 1.
  • This fourth example method 500 illustrates the use of a different combination function to create the new master key (as well as an alternative method to create a session key).
  • the method 500 first uses the current master key value 510 to generate a new master key value 512. Specifically, the method 500 encrypts 530 a constant value 520 that, as with previously-described constant values 220, 222, 320, 322, 420 is agreed-upon by the parties to the secure communication and between which the master key is shared. The result of the encryption step 530 is taken as the new value of the master key 512.
  • After the new master key 512 is generated, it can be used along with the old master key 510 to generate a new session key 540. Specifically, as shown, the two master keys 510, 512 are combined via an XOR operation 550 to produce a session key 540. The session key 540 may then be used for secure communication operations 560 by the OS or applications to, for example, encrypt 564 plaintext communications 562 to produce encrypted communications 566 (or to perform the reverse process of decryption). After the session key 540 is generated, the method 500 may delete the old master key value 510 to further guard against the value being compromised.
  • the method 500 may be used to modify the master key with the generation of each new session key.
  • the method 500 may only be used to modify the master key when a session key for a specific function is to be generated. For example, if an implementation generates different session keys for encryption and authentication, the method 500 may only be used to change the master key whenever the session key for the encryption task (and not for the authentication task) is generated.
  • the method 500 may be modified to not produce any session key at all, executing only the encryption operation 530 to generate the new master key 512.
  • the parties to the communication may be configured to periodically alter their master key based on such a modified method.
  • Various other modifications will be apparent.
  • various embodiments enable the efficient derivation of session keys with the benefit of forward secrecy. For example, by periodically generating a new master key according to an agreed-upon process, the parties to a communication can provide forward secrecy to the master key without communicating each new master key to each other. Further, by using agreed-upon constants and simple combination operations to generate master and session keys, various embodiments are able to quickly and efficiently derive encryption keys necessary for secure communications. Such embodiments may be particularly beneficial in environments where secure communications are to be performed very quickly such as, for example, an “instant on” scenario (e.g., a mobile device is activated or unlocked by a fingerprint scan which is compared against a fingerprint key stored in a secure element of the mobile device). Various additional benefits will be apparent in view of the foregoing.
  • various embodiments of the invention may be implemented in hardware.
  • various embodiments may be implemented as instructions stored on a non-transitory machine-readable storage medium, such as a volatile or non-volatile memory, which may be read and executed by at least one processor to perform the operations described in detail herein.
  • a machine-readable storage medium may include any mechanism for storing information in a form readable by a machine, such as a personal or laptop computer, a server, or other computing device.
  • a non-transitory machine-readable storage medium excludes transitory signals but may include both volatile and non-volatile memories, including but not limited to read-only memory (ROM), random-access memory (RAM), magnetic disk storage media, optical storage media, flash-memory devices, and similar storage media.
  • any block diagrams herein represent conceptual views of illustrative circuitry embodying the principles of the invention.
  • any flow charts, flow diagrams, state transition diagrams, pseudo code, and the like represent various processes which may be substantially represented in machine readable media and so executed by a computer or processor, whether or not such computer or processor is explicitly shown.
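
The first and second example methods (FIG. 2 and FIG. 3) described above, as a runnable sketch that is added here for illustration and is not code from the patent or from NXP. The constants, the `Party` type and all function names are assumptions; the program runs two parties side by side to show that they stay in step without exchanging keys, and checks the stated caveat that one epoch's session keys alone reproduce the next master key under FIG. 2 but not under FIG. 3.

```go
package main

import (
	"crypto/aes"
	"fmt"
)

// Key is a 16-byte value: an AES-128 key or a single AES block.
type Key [16]byte

// constant pads an agreed, non-secret label to one block. The labels below
// are constructed stand-ins for CST_A and CST_B. They must differ: equal
// constants give equal session keys, and the FIG. 2 XOR would then be zero.
func constant(label string) Key {
	var k Key
	copy(k[:], label)
	return k
}

var (
	cstA = constant("dev-0001|enc")
	cstB = constant("dev-0001|mac")
)

// encryptBlock is AES-128 applied to one block (ECB on a single block).
func encryptBlock(k, block Key) Key {
	c, err := aes.NewCipher(k[:])
	if err != nil {
		panic(err) // cannot happen: the key is always 16 bytes
	}
	var out Key
	c.Encrypt(out[:], block[:])
	return out
}

// xor combines any number of keys byte by byte.
func xor(keys ...Key) Key {
	var out Key
	for _, k := range keys {
		for i := range out {
			out[i] ^= k[i]
		}
	}
	return out
}

// Party is one side of the channel. mixOld selects the update rule:
// false = FIG. 2 (new = S_A ^ S_B), true = FIG. 3 (new = old ^ S_A ^ S_B).
type Party struct {
	master Key
	mixOld bool
}

// Step derives both session keys, then replaces the master key in place.
// Overwriting the field removes the old value from Party; copies made by
// callees (such as the cipher's expanded key) are not wiped in this sketch.
func (p *Party) Step() (sA, sB Key) {
	sA = encryptBlock(p.master, cstA)
	sB = encryptBlock(p.master, cstB)
	next := xor(sA, sB)
	if p.mixOld {
		next = xor(p.master, next)
	}
	p.master = next
	return sA, sB
}

// InSync runs n epochs on two independent parties that start from the same
// master key and reports whether they agree on every key at every epoch.
func InSync(initial Key, mixOld bool, n int) bool {
	a := Party{master: initial, mixOld: mixOld}
	b := Party{master: initial, mixOld: mixOld}
	for i := 0; i < n; i++ {
		aA, aB := a.Step()
		bA, bB := b.Step()
		if aA != bA || aB != bB || a.master != b.master {
			return false
		}
	}
	return true
}

// SessionLeakGivesNextMaster reports whether the XOR of one epoch's two
// session keys equals the master key that replaces the current one.
func SessionLeakGivesNextMaster(initial Key, mixOld bool) bool {
	p := Party{master: initial, mixOld: mixOld}
	sA, sB := p.Step()
	return xor(sA, sB) == p.master
}

func main() {
	initial := constant("constructed-key!") // demo value only, never a real key
	for _, mixOld := range []bool{false, true} {
		fmt.Println("mixOld:", mixOld,
			"| parties in sync:", InSync(initial, mixOld, 5),
			"| session keys alone give next master:", SessionLeakGivesNextMaster(initial, mixOld))
	}
}
```

In both variants the old master key cannot be recomputed from the new one without inverting AES under an unknown key, which is what gives past traffic its protection once the old value has been overwritten.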

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Various embodiments relate to a method, device, and non-transitory medium including: determining a master key value for use in secure communications with a different device, wherein the master key value is used as a master key; deriving at least one session key using the master key; generating a new master key value based on the master key; deleting the current master key value; and using the new master key value as the master key.

Description

TECHNICAL FIELD
Various embodiments disclosed herein relate generally to secure channel communications and, more particularly but not exclusively, to session key derivation and master key secrecy.
BACKGROUND
When two devices want to communicate securely, they typically first establish a secure channel. This channel will provide protection for confidentiality, integrity, and/or authentication of the exchanged messages. The method of choice to implement this secure channel is usually based on symmetric cryptography. In that setting, both devices first share a common and secret symmetric key usually called the master key. The master key is typically either predefined at manufacturing time or obtained via public key-based key exchange protocols (for instance elliptic curve Diffie-Hellman). In well-designed secure channels, the master key is never used as-is to encrypt, authenticate, or sign the messages. Instead, the master key is used to generate so-called session keys that are then each dedicated to a particular task (like encryption or authentication) for a limited period of time.
SUMMARY
A brief summary of various embodiments is presented below. Some simplifications and omissions may be made in the following summary, which is intended to highlight and introduce some aspects of the various embodiments, but not to limit the scope of the invention. Detailed descriptions of a preferred embodiment adequate to allow those of ordinary skill in the art to make and use the inventive concepts will follow in later sections.
Various embodiments described herein relate to a non-transitory machine-readable medium encoded with instructions for execution by a processor, the non-transitory machine-readable medium including: instructions for determining a master key value for use in secure communications with a different device, wherein the master key value is used as a master key; instructions for deriving a session key using the master key; instructions for generating a new master key value based on the master key; instructions for deleting the current master key value; and instructions for using the new master key value as the master key.
Various embodiments described herein relate to a device for participating in a secure communication session, the device including: a memory; an interface to another device with which secure communication will occur; and a processor in communication with the interface and memory, the processor being configured to determine a master key value for use in secure communications with a different device, wherein the master key value is used as a master key, derive a session key using the master key, generate a new master key value based on the master key, delete the current master key value, and use the new master key value as the master key.
Various embodiments described herein relate to a method by a processor, the method including: determining a master key value for use in secure communications with a different device, wherein the master key value is used as a master key; deriving a session key using the master key; generating a new master key value based on the master key; deleting the current master key value, and using the new master key value as the master key.
Various embodiments are described wherein the instructions for generating a new master key value based on the master key include: instructions for combining the session key with at least one additional session key derived using the master key to form the new master key value.
Various embodiments are described wherein the instructions for generating a new master key value based on the master key include: instructions for combining the current master key value with at least the session key to form the new master key.
Various embodiments are described wherein the instructions for generating a new master key value include instructions for encrypting a constant value using the master key.
Various embodiments are described wherein the instructions for generating a new master key value include instructions for applying an XOR function to two or more cryptographic keys.
Various embodiments are described wherein the instructions for deriving at least one session key using the master key include: instructions for encrypting at least one constant value using the master key.
Various embodiments are described wherein the instructions for deriving at least one session key using the master key include: instructions for combining the current value of the master key with the new value of the master key to produce a session key.
Various embodiments additionally include instructions for periodically re-executing the instructions for generating a new master key.
Various embodiments are described wherein the instructions for negotiating a master key value with a different device include instructions for negotiating with a secure element that is part of the same device as the processor.
Various embodiments are described wherein the non-transitory machine-readable medium is encoded with instructions for execution by a secure element within a host device.
BRIEF DESCRIPTION OF THE DRAWINGS
In order to better understand various embodiments, reference is made to the accompanying drawings, wherein:
FIG. 1 illustrates an example of a hardware system for performing secure communications;
FIG. 2 illustrates a first example of a method for generating session keys and a new master key;
FIG. 3 illustrates a second example of a method for generating session keys and a new master key;
FIG. 4 illustrates a third example of a method for generating a session key and a new master key; and
FIG. 5 illustrates a fourth example of a method for generating a session key and a new master key.
To facilitate understanding, identical reference numerals have been used to designate elements having substantially the same or similar structure or substantially the same or similar function.
DETAILED DESCRIPTION
The description and drawings presented herein illustrate various principles. It will be appreciated that those skilled in the art will be able to devise various arrangements that, although not explicitly described or shown herein, embody these principles and are included within the scope of this disclosure. As used herein, the term, “or” refers to a non-exclusive or (i.e., and/or), unless otherwise indicated (e.g., “or else” or “or in the alternative”). Additionally, the various embodiments described herein are not necessarily mutually exclusive and may be combined to produce additional embodiments that incorporate the principles described herein.
As noted above, many secure communications implementations utilize a shared master key between devices which is then used to generate session keys that are actually used for tasks such as encryption and digital signing. If the master key is compromised, however, an attacker will be able to generate the session keys themselves and access the content of any intercepted communications, including both future and past communications.
Various embodiments described herein attempt to provide forward secrecy for secured communications by periodically altering the master key and discarding all old versions of the master key. Both parties to a communication alter the master key in the same way, such that renegotiation of the master key need not be performed; instead, both devices modify the master key according to the same protocol and therefore always hold the same version of the master key. In this way, even if the current master key is compromised, the attacker does not have access to previous versions of the master key and therefore may not be able to decrypt previously-intercepted communications.
FIG. 1 illustrates an example of a hardware system 100 for performing secure communications. The hardware system 100 may be virtually any device that communicates using an encrypted protocol. As shown, the device 100 includes a processor 120, memory 130, secure element 140, network interface 150, and storage 160 interconnected via one or more system buses 110. It will be understood that FIG. 1 constitutes, in some respects, an abstraction and that the actual organization of the components of the device 100 may be more complex than illustrated.
The processor 120 may be any hardware device capable of executing instructions stored in memory 130 or storage 160 or otherwise processing data. As such, the processor may include a microprocessor, field programmable gate array (FPGA), application-specific integrated circuit (ASIC), or other similar devices.
The memory 130 may include various memories such as, for example L1, L2, or L3 cache or system memory. As such, the memory 130 may include static random access memory (SRAM), dynamic RAM (DRAM), flash memory, read only memory (ROM), or other similar memory devices.
The secure element 140 may be a device for performing secured functions such as, for example, storing secret information or performing cryptographic processing. As such, the secure element 140 may include hardware such as a processor, a memory, and an interface to the bus 110. The rest of the hardware device 100 may be referred to as a host device to the secure element. In various embodiments, the secure element 140 and processor 120 both implement a session key derivation method, such as one of the examples described herein, to enable secure communications therebetween. Alternatively, only one of the secure element 140 and processor 120 may implement such a method along with another external device which is accessible via the network interface.
The network interface 150 may include one or more devices for enabling communication with other hardware devices. For example, the network interface 150 may include a network interface card (NIC) configured to communicate according to the Ethernet protocol. Additionally, the network interface 150 may implement a TCP/IP stack for communication according to the TCP/IP protocols. Additionally or alternatively, the network interface may include a near-field communication (NFC) chip, 3G chip, or 4G chip along with appropriate antennas to enable wireless communications. Various alternative or additional hardware or configurations for the network interface 150 will be apparent.
The storage 160 may include one or more machine-readable storage media such as read-only memory (ROM), random-access memory (RAM), magnetic disk storage media, optical storage media, flash-memory devices, or similar storage media. In various embodiments, the storage 160 may store instructions for execution by the processor 120 or data upon which the processor 120 may operate. For example, the storage 160 may store a base operating system 161 for controlling various basic operations of the hardware 100 and multiple applications 162 for performing various functions on behalf of the user. For example, the applications 162 may include a web browser, a music player, or a wireless payment application (or a non-secured portion thereof, with the secured portion residing on the secure element 140).
To enable secure communications (e.g. with the secure element 140 or via the network interface 150), the storage 160 also stores a master key 163 and multiple session keys 164. In various embodiments, the initial value of the master key 163 is pre-configured as stored in the storage 160 at the time of device manufacturing while in other embodiments the initial value of the master key 163 is negotiated between two devices according to an appropriate key exchange protocol. In the latter embodiments, the storage 160 includes master key exchange instructions 165 that transmit a master key value to or receive a master key value from another device. The storage 160 also includes encryption instructions 166 such as, for example, an AES implementation that can be used in conjunction with the session keys 164 to encrypt communications.
Periodically, new session keys 164 are generated (at both ends of the secure communication channel) to reduce the likelihood that the session keys 164 will be compromised. As such, the storage 160 includes session key generation instructions 167. To provide forward secrecy, the session key generation instructions 167 also include master key modification instructions 168 that periodically alter the master key 163 value. For example, the master key modification instructions 168 may generate a new master key value and subsequently delete the current master key value by, for example, overwriting the current master key value with the new master key value or other data or by freeing an area in memory storing the current master key value. Various example embodiments of the session key generation instructions 167 and master key modification instructions 168 will be described below.
It will be apparent that various information described as stored in the storage 160 may be additionally or alternatively stored in the memory 130. In this respect, the memory 130 may also be considered to constitute a “storage device” and the storage 160 may be considered a “memory.” Various other arrangements will be apparent. Further, the memory 130 and storage 160 may both be considered to be “non-transitory machine-readable media.” As used herein, the term “non-transitory” will be understood to exclude transitory signals but to include all forms of storage, including both volatile and non-volatile memories.
While the host device 100 is shown as including one of each described component, the various components may be duplicated in various embodiments. For example, the processor 120 may include multiple microprocessors that are configured to independently execute the methods described herein or are configured to perform steps or subroutines of the methods described herein such that the multiple processors cooperate to achieve the functionality described herein. Further, where the device 100 is implemented in a cloud computing system, the various hardware components may belong to separate physical systems. For example, the processor 120 may include a first processor in a first server and a second processor in a second server.
FIG. 2 illustrates a first example of a method 200 for generating session keys and a new master key. The method 200 may correspond to the session key generation instructions 167 of FIG. 1. As shown, the method 200 utilizes a current master key 210 to generate two session keys 240, 242. Specifically, the method 200 encrypts two constants 220, 222 using an AES encryption algorithm (e.g., in ECB mode applied to one block) 230, 232 and the current master key 210. The constants 220, 222 may be any values that two implementations of the method 200 agree will be used for generation of the session keys 240, 242. For example, these constants 220, 222 may be pre-configured literal values, agreed-upon variables, or a combination thereof. For example, “CST_A” 220 may be a counter value appended to a device identifier, while “CST_B” 222 may be a current time (e.g., the current hour and minute) appended to the device identifier. It will be apparent that virtually any value may be used as a constant 220, 222 as long as both parties to the communication are agreed as to which values will be used. In various embodiments, the selected constants need not be kept secret.
After the session keys 240, 242 have been generated, they may be used as part of ordinary cryptographic operations 260 performed by the operating system or applications. For example, as shown, the session keys 240, 242 may be used by other AES processes 264, 274 to encrypt plaintext 262, 272 for transmission to another device as ciphertext 266, 276 (or to decrypt ciphertext 266, 276 into usable plaintext 262, 272). It will be understood that additional session keys (not shown) may be generated in similar, agreed-upon manners.
Also after session key generation, the method 200 generates a new master key 212 to replace the current master key 210 by combining the two session keys 240, 242. Specifically, as shown, the session keys are combined using an exclusive or (XOR) operation 250. It will be appreciated that other combination functions may be used such as a not-and (NAND) operation, encryption of one session key using another, or any other transformative function. Additionally, it will be appreciated that more than two session keys may be combined to form the new master key value 212. For example, four session keys may be XOR'ed together to produce a single master key value.
After the new master key value 212 is generated, it replaces the old master key value 210. For example, the method may overwrite a master key variable or space in memory with the new value 212, thereby deleting the old master key value 210. By deleting the old master key value 210, the chances of the old master key value being compromised (and, consequently, the chances of the session keys 240, 242 being compromised) are reduced. As such, the method 200 provides forward secrecy. It will be appreciated that the method 200 may be executed periodically to refresh the session keys 240, 242 and, as such, the value of the master key may periodically change.
With knowledge of the method 200 used, an attacker that has compromised the session keys 240, 242 may generate the next master key 212 and, as such, may be able to generate each new session key in the future. To help combat this, various implementations may also utilize the old value of the master key in generating the new master key; as such, the attacker would also have to compromise the old value of the master key, which is generally protected using different, and often more stringent, techniques from those used to protect the session key.
FIG. 3 illustrates a second example of a method 300 for generating session keys and a new master key. The method 300 may correspond to the session key generation instructions 167 of FIG. 1. As can be seen, the method 300 is largely similar to the previous example method 200. A master key 310 is used to encrypt 330, 332 agreed-upon constants 320, 322 to produce session keys 340, 342. The session keys 340, 342 may then be used for secure communication operations 360 by the OS or applications to, for example, encrypt 364, 374 plaintext communications 362, 372 to produce encrypted communications 366, 376 (or to perform the reverse process of decryption).
To produce a new master key value 312, the method 300 combines the old master key value 310 with one or more of the session keys 340, 342. As shown, the master key 310 is combined with a first session key 340 via an XOR operation 350, the result of which is then combined with a second session key 342 via another XOR operation 352. As before, fewer or additional session keys may be utilized and alternative or additional combination techniques may be used.
FIG. 4 illustrates a third example of a method 400 for generating a session key and a new master key. The method 400 may correspond to the session key generation instructions 167 of FIG. 1. As shown, the method is similar to the previous example method 300. The method 400 uses a master key 410 to encrypt 430 an agreed-upon constant 420 to produce a session key 440. The session key 440 may then be used for secure communication operations 460 by the OS or applications to, for example, encrypt 464 plaintext communications 462 to produce encrypted communications 466 (or to perform the reverse process of decryption).
To produce a new master key value 412, the method 400 combines the old master key value 410 with one session key 440. As shown, the combination operation is an XOR 450. As before, fewer or additional session keys may be utilized and alternative or additional combination techniques may be used.
Thus, the third example method 400 is similar to the second example method 300 with the difference that the new master key 412 may be generated using only a single session key (and the old value for the master key). As such, the method 400 may be used to modify the master key after generation of each new session key. Alternatively, the method 400 may only be used to modify the master key when a session key for a specific function is generated. For example, if an implementation generates different session keys for encryption and authentication, the method 400 may only be used to change the master key whenever the session key for the encryption task (and not for the authentication task) is generated. Various other modifications will be apparent.
FIG. 5 illustrates a fourth example of a method 500 for generating a session key and a new master key. The method 500 may correspond to the session key generation instructions 167 of FIG. 1. This fourth example method 500 illustrates the use of a different combination function to create the new master key (as well as an alternative method to create a session key).
As shown, the method 500 first uses the current master key value 510 to generate a new master key value 512. Specifically, the method 500 encrypts 530 a constant value 520 that, as with previously-described constant values 220, 222, 320, 322, 420 is agreed-upon by the parties to the secure communication and between which the master key is shared. The result of the encryption step 530 is taken as the new value of the master key 512.
After the new master key 512 is generated, it can be used along with the old master key 510 to generate a new session key 540. Specifically, as shown, the two master keys 510, 512 are combined via an XOR operation 550 to produce a session key 540. The session key 540 may then be used for secure communication operations 560 by the OS or applications to, for example, encrypt 564 plaintext communications 562 to produce encrypted communications 566 (or to perform the reverse process of decryption). After the session key 540 is generated, the method 500 may delete the old master key value 510 to further guard against the value being compromised.
The method 500 may be used to modify the master key with the generation of each new session key. Alternatively, the method 500 may only be used to modify the master key when a session key for a specific function is to be generated. For example, if an implementation generates different session keys for encryption and authentication, the method 500 may only be used to change the master key whenever the session key for the encryption task (and not for the authentication task) is generated. As yet another alternative, the method 500 may be modified to not produce any session key at all, executing only the encryption operation 530 to generate the new master key 512. For example, the parties to the communication may be configured to periodically alter their master key based on such a modified method. Various other modifications will be apparent.
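The four update rules of FIGS. 2 to 5 can be compared side by side in a short program. The following is an added example, not code from the patent: it assumes AES-128, a constant layout of device identifier plus label plus counter, and hypothetical names (`Endpoint`, `fig2` to `fig5`, `in_sync`, `session_keys_reveal_next_master`), and it carries a small pure-Python AES only so that it runs offline. It checks that two endpoints stay synchronized without exchanging keys and that, for the FIG. 2 rule alone, the session keys are enough to compute the next master key.

```python
# Added illustration of the key ratchets in FIGS. 2-5; not code from the patent.
def _gmul(a, b):
    """Multiply two bytes in GF(2^8) modulo the AES polynomial 0x11B."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ 0x11B if a & 0x80 else a << 1
        b >>= 1
    return r

def _build_sbox():
    sbox, p, q = [0x63] * 256, 1, 1
    for _ in range(255):
        p, q = _gmul(p, 3), _gmul(q, 0xF6)   # 0xF6 is 1/3, so q stays 1/p
        x = q
        for s in range(1, 5):                # affine transform of the inverse
            x ^= ((q << s) | (q >> (8 - s))) & 0xFF
        sbox[p] = x ^ 0x63
    return sbox
SBOX = _build_sbox()

def _round_keys(key):
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:                       # RotWord, SubWord, Rcon
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = _gmul(rcon, 2)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def aes128_encrypt_block(key, block):
    """AES-128 on one 16-byte block (ECB mode applied to a single block)."""
    if len(key) != 16 or len(block) != 16:
        raise ValueError("key and block must both be 16 bytes")
    rk = _round_keys(key)
    s = [b ^ k for b, k in zip(block, rk[0])]
    for rnd in range(1, 11):
        s = [SBOX[b] for b in s]                             # SubBytes
        s = [s[(i + 4 * (i % 4)) % 16] for i in range(16)]   # ShiftRows
        if rnd < 10:                                         # MixColumns
            s = [_gmul(s[c + r], 2) ^ _gmul(s[c + (r + 1) % 4], 3)
                 ^ s[c + (r + 2) % 4] ^ s[c + (r + 3) % 4]
                 for c in range(0, 16, 4) for r in range(4)]
        s = [b ^ k for b, k in zip(s, rk[rnd])]              # AddRoundKey
    return bytes(s)

def xor(*vals):
    out = bytes(16)
    for v in vals:
        out = bytes(a ^ b for a, b in zip(out, v))
    return out

def constant(device_id, label, epoch):
    """Agreed, non-secret constant. Assumed layout: 12-byte id, 1-byte label, 3-byte counter."""
    return device_id + label + epoch.to_bytes(3, "big")

# Each scheme maps (master key, CST_A, CST_B) to (new master key, session keys).
def fig2(mk, a, b):
    sk = (aes128_encrypt_block(mk, a), aes128_encrypt_block(mk, b))
    return xor(*sk), sk                      # new MK = SK_A xor SK_B
def fig3(mk, a, b):
    sk = (aes128_encrypt_block(mk, a), aes128_encrypt_block(mk, b))
    return xor(mk, *sk), sk                  # new MK = MK xor SK_A xor SK_B
def fig4(mk, a, b):                          # single session key, CST_B unused
    sk = aes128_encrypt_block(mk, a)
    return xor(mk, sk), (sk,)                # new MK = MK xor SK
def fig5(mk, a, b):                          # CST_B unused
    new_mk = aes128_encrypt_block(mk, a)     # new MK = E(MK, CST)
    return new_mk, (xor(mk, new_mk),)        # SK = old MK xor new MK

class Endpoint:
    """One side of the channel; both sides run this locally, nothing is exchanged."""
    def __init__(self, master_key, device_id, scheme):
        self._mk = bytearray(master_key)
        self.device_id, self.scheme, self.epoch = device_id, scheme, 0
    def master_key(self):
        return bytes(self._mk)
    def rekey(self):
        a, b = (constant(self.device_id, tag, self.epoch) for tag in (b"A", b"B"))
        new_mk, session_keys = self.scheme(bytes(self._mk), a, b)
        self._mk[:] = new_mk                 # overwrite the old master key in place
        self.epoch += 1
        return session_keys

MK0 = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed sample key
DEVICE_ID = b"DEVICE-0001\x00"                           # constructed 12-byte id

def in_sync(scheme, epochs=3):
    host, se = Endpoint(MK0, DEVICE_ID, scheme), Endpoint(MK0, DEVICE_ID, scheme)
    keys_match = [host.rekey() == se.rekey() for _ in range(epochs)]
    return all(keys_match) and host.master_key() == se.master_key()

def session_keys_reveal_next_master(scheme):
    """True if XOR-ing the session keys alone yields the next master key."""
    ep = Endpoint(MK0, DEVICE_ID, scheme)
    return xor(*ep.rekey()) == ep.master_key()
```

Python cannot guarantee that temporary copies of the old key are erased from memory, so the in-place overwrite only models the deletion step; a real implementation would do this inside the secure element or with explicit zeroization.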
According to the foregoing, various embodiments enable the efficient derivation of session keys with the benefit of forward secrecy. For example, by periodically generating a new master key according to an agreed-upon process, the parties to a communication can provide forward secrecy to the master key without communicating each new master key to each other. Further, by using agreed-upon constants and simple combination operations to generate master and session keys, various embodiments are able to quickly and efficiently derive encryption keys necessary for secure communications. Such embodiments may be particularly beneficial in environments where secure communications are to be performed very quickly such as, for example, an “instant on” scenario (e.g., a mobile device is activated or unlocked by a fingerprint scan which is compared against a fingerprint key stored in a secure element of the mobile device). Various additional benefits will be apparent in view of the foregoing.
It should be apparent from the foregoing description that various embodiments of the invention may be implemented in hardware. Furthermore, various embodiments may be implemented as instructions stored on a non-transitory machine-readable storage medium, such as a volatile or non-volatile memory, which may be read and executed by at least one processor to perform the operations described in detail herein. A machine-readable storage medium may include any mechanism for storing information in a form readable by a machine, such as a personal or laptop computer, a server, or other computing device. Thus, a non-transitory machine-readable storage medium excludes transitory signals but may include both volatile and non-volatile memories, including but not limited to read-only memory (ROM), random-access memory (RAM), magnetic disk storage media, optical storage media, flash-memory devices, and similar storage media.
It should be appreciated by those skilled in the art that any block diagrams herein represent conceptual views of illustrative circuitry embodying the principles of the invention. Similarly, it will be appreciated that any flow charts, flow diagrams, state transition diagrams, pseudo code, and the like represent various processes which may be substantially represented in machine readable media and so executed by a computer or processor, whether or not such computer or processor is explicitly shown.
Although the various embodiments have been described in detail with particular reference to certain aspects thereof, it should be understood that the invention is capable of other embodiments and its details are capable of modifications in various obvious respects. As is readily apparent to those skilled in the art, variations and modifications can be effected while remaining within the spirit and scope of the invention. Accordingly, the foregoing disclosure, description, and figures are for illustrative purposes only and do not in any way limit the invention, which is defined only by the claims.

Claims (20)

What is claimed is:
1. A non-transitory machine-readable medium encoded with instructions for execution by a processor device, the non-transitory machine-readable medium comprising:
instructions for determining a master key value for use in secure communications with a different device, wherein the master key value is used as a master key;
instructions for deriving a session key directly from the master key;
instructions for generating a new master key value based on the master key and the session key;
instructions for deleting a current master key value being used as the master key; and
instructions for using the new master key value as the master key.
2. The non-transitory machine-readable medium of claim 1, wherein the instructions for generating a new master key value based on the master key comprise:
instructions for combining the session key with at least one additional session key derived using the master key to form the new master key value.
3. The non-transitory machine-readable medium of claim 1, wherein the instructions for generating a new master key value based on the master key comprise:
instructions for combining the current master key value with at least the session key to form the new master key.
4. The non-transitory machine-readable medium of claim 1, wherein the instructions for generating a new master key value comprise instructions for encrypting a constant value using the master key.
5. The non-transitory machine-readable medium of claim 1, wherein the instructions for generating a new master key value comprise instructions for applying an XOR function to two or more cryptographic keys.
6. The non-transitory machine-readable medium of claim 1, wherein the instructions for deriving at least one session key using the master key comprise:
instructions for encrypting at least one constant value using the master key.
7. The non-transitory machine-readable medium of claim 1, wherein the instructions for deriving at least one session key using the master key comprise:
instructions for combining the current value of the master key with the new value of the master key to produce a session key.
8. The non-transitory machine-readable medium of claim 1, further comprising instructions for periodically re-executing the instructions for generating a new master key.
9. The non-transitory machine-readable medium of claim 1, wherein the instructions for negotiating a master key value with a different device comprise instructions for negotiating with a secure element that is part of the same device as the processor device.
10. The non-transitory machine-readable medium of claim 1, wherein the non-transitory machine-readable medium is encoded with instructions for execution by a secure element within a host device.
11. A device for participating in a secure communication session, the device comprising:
a memory;
an interface to another device with which secure communication will occur; and
a processor device in communication with the interface and memory, the processor device being configured to
determine a master key value for use in secure communications with a different device, wherein the master key value is used as a master key,
derive a session key directly from the master key,
generate a new master key value based on the master key and the session key,
delete a current master key value being used as the master key, and
use the new master key value as the master key.
12. The device of claim 11, wherein in generating a new master key value based on the master key, the processor device is configured to:
combine the session key with at least one additional session key derived using the master key to form the new master key value.
13. The device of claim 11, wherein in generating a new master key value based on the master key, the processor device is configured to:
combine the current master key value with at least the session key to form the new master key.
14. The device of claim 11, wherein in generating a new master key value, the processor device is configured to encrypt a constant value using the master key.
15. The device of claim 11, wherein in generating a new master key value, the processor device is configured to apply an XOR function to two or more cryptographic keys.
16. The device of claim 11, wherein in deriving at least one session key using the master key, the processor device is configured to:
encrypt at least one constant value using the master key.
17. The device of claim 11, wherein in deriving at least one session key using the master key, the processor device is configured to:
combine the current value of the master key with the new value of the master key to produce a session key.
18. The device of claim 11, wherein the processor device is further configured to periodically re-execute the step generating a new master key.
19. The device of claim 11, further comprising a secure element, wherein the secure element is the other device with which secure communication will occur.
20. The device of claim 11, wherein the device is a secure element to be installed in a host system, wherein the host system is the other device with which secure communication will occur.
US14/724,315 2015-05-28 2015-05-28 Efficient key derivation with forward secrecy Active 2035-06-16 US9674165B2 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
US14/724,315 US9674165B2 (en) 2015-05-28 2015-05-28 Efficient key derivation with forward secrecy
EP16169448.4A EP3099003B1 (en) 2015-05-28 2016-05-12 Efficient key derivation with forward secrecy
CN201610330358.XA CN106209352B (en) 2015-05-28 2016-05-18 Efficient key derivation with forward security

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US14/724,315 US9674165B2 (en) 2015-05-28 2015-05-28 Efficient key derivation with forward secrecy

Publications (2)

Publication Number Publication Date
US20160352706A1 US20160352706A1 (en) 2016-12-01
US9674165B2 true US9674165B2 (en) 2017-06-06

Family

ID=55967186

Family Applications (1)

Application Number Title Priority Date Filing Date
US14/724,315 Active 2035-06-16 US9674165B2 (en) 2015-05-28 2015-05-28 Efficient key derivation with forward secrecy

Country Status (3)

Country Link
US (1) US9674165B2 (en)
EP (1) EP3099003B1 (en)
CN (1) CN106209352B (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10460314B2 (en) * 2013-07-10 2019-10-29 Ca, Inc. Pre-generation of session keys for electronic transactions and devices that pre-generate session keys for electronic transactions
US10348502B2 (en) * 2016-09-02 2019-07-09 Blackberry Limited Encrypting and decrypting data on an electronic device
US10341102B2 (en) * 2016-09-02 2019-07-02 Blackberry Limited Decrypting encrypted data on an electronic device
CN106789055B (en) * 2017-01-20 2019-08-30 兴唐通信科技有限公司 One-way process forward secrecy Implementation Technology
CN108667623B (en) * 2018-05-28 2021-10-19 广东工业大学 An SM2 Elliptic Curve Signature Verification Algorithm
US11210664B2 (en) 2018-10-02 2021-12-28 Capital One Services, Llc Systems and methods for amplifying the strength of cryptographic algorithms
CN111600829A (en) * 2019-02-21 2020-08-28 杭州萤石软件有限公司 Secure communication method and system for Internet of things equipment
US12095902B2 (en) * 2019-04-12 2024-09-17 Felica Networks, Inc. Information processing terminal, information processing device, information processing method, program, and information processing system
CN110266498B (en) * 2019-06-28 2022-04-08 恒宝股份有限公司 Safe payment system and method for non-stop automobile
US11343089B2 (en) * 2019-07-10 2022-05-24 Tunnel VUE Inc. Cryptography system and method
CN114095159B (en) * 2021-11-11 2023-10-31 北京三快在线科技有限公司 Encryption communication method, device, computer equipment and storage medium

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070003063A1 (en) 2005-06-29 2007-01-04 Ned Smith Methods and apparatus to perform associated security protocol extensions
US7266842B2 (en) * 2002-04-18 2007-09-04 International Business Machines Corporation Control function implementing selective transparent data authentication within an integrated system
US7817802B2 (en) * 2006-10-10 2010-10-19 General Dynamics C4 Systems, Inc. Cryptographic key management in a communication network
US8578162B2 (en) * 2009-05-20 2013-11-05 Rolf Jentzsch Unique identifier, method for providing the unique identifier and use of the unique identifier
US20150019442A1 (en) * 2013-07-10 2015-01-15 Ca, Inc. Pre-generation of session keys for electronic transactions and devices that pre-generate session keys for electronic transactions
US8996873B1 (en) * 2014-04-08 2015-03-31 Cloudflare, Inc. Secure session capability using public-key cryptography without access to the private key
US9087212B2 (en) * 2012-01-25 2015-07-21 Massachusetts Institute Of Technology Methods and apparatus for securing a database
US9197616B2 (en) * 2010-03-19 2015-11-24 Cisco Technology, Inc. Out-of-band session key information exchange

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4370721B2 (en) * 2000-04-06 2009-11-25 ソニー株式会社 Information recording apparatus, information reproducing apparatus, information recording method, information reproducing method, key update terminal apparatus, generation management key update method, information recording medium, and program providing medium
CN100558035C (en) * 2006-08-03 2009-11-04 西安电子科技大学 A two-way authentication method and system
CN100581102C (en) * 2007-05-31 2010-01-13 北京泛亚创知科技发展有限公司 A method for secure data transmission in a wireless sensor network
US20100002885A1 (en) * 2008-03-26 2010-01-07 Ericsson Inc. Efficient multiparty key exchange
US20100153709A1 (en) * 2008-12-10 2010-06-17 Qualcomm Incorporated Trust Establishment From Forward Link Only To Non-Forward Link Only Devices
CN102111761B (en) * 2009-12-28 2014-01-01 华为终端有限公司 Secrete key management method and equipment
CN103116730B (en) * 2013-01-21 2016-05-11 厦门市美亚柏科信息股份有限公司 A kind of decryption method of DPAPI enciphered data and system

Non-Patent Citations (10)

* Cited by examiner, † Cited by third party
Title
"EMV Integrated Circuit Card Specifications for Payment Systems", EMV 4.3 standard, book 2-security and key management, Nov. 2011 [http://resources.unitedthinkers.com/specifications/emv/emv2/EMV-v4.3-Book-2-Security-and-Key-Management-20120607061923900.pdf] [viewed on May 28, 2015].
"GlobalPlatform Card Technology, Secure Channel Protocol '11', Card Specification v2.2-Amendment F, v0.0.0.12", Secure Channel Protocol '11'-Public Review v0.0.0.12, Dec. 2014.
Barker, Elaine, et al., "NIST Special Publication 800-57: Recommendation for Key Management Part 1: General, revision 3", Jul. 2012.
Extended European Search Report dated Oct. 18, 2016 in EP Application No. 16169448.4.
Kocher, et al., "Introduction to differential power analysis", J Cryptogr Eng (2011) 1:5-27.
Mangard, et al., "Power Analysis Attacks", Springer 2007, ISBN 978-0-387-38162-6.
Menezes, A.J., et al., "Key Management Techniques ED", Handbook of Applied Cryptography, CRC Press, pp. 543-590; Oct. 1996.
Paul, et al., "FIPS 140-2 Non-Proprietary Security Policy", Cloakware, Inc. Cloakware Security Kernel. Software Version: 1.0.

Also Published As

Publication number Publication date
EP3099003B1 (en) 2021-01-27
CN106209352B (en) 2021-06-18
CN106209352A (en) 2016-12-07
US20160352706A1 (en) 2016-12-01
EP3099003A1 (en) 2016-11-30

Similar Documents

Publication Publication Date Title
US9674165B2 (en) Efficient key derivation with forward secrecy
US11818262B2 (en) Method and system for one-to-many symmetric cryptography and a network employing the same
TWI736271B (en) Method, device and equipment for generating and using private key in asymmetric key
CN110868291B (en) Data encryption transmission method, device, system and storage medium
US20120144193A1 (en) Open protocol for authentication and key establishment with privacy
US9917695B2 (en) Authenticated encryption method using working blocks
US20200195446A1 (en) System and method for ensuring forward & backward secrecy using physically unclonable functions
US11206130B2 (en) Customizing cryptographic keys between multiple hosts
US9473299B2 (en) Dual-party session key derivation
US11818268B2 (en) Hub-based token generation and endpoint selection for secure channel establishment
WO2019105571A1 (en) Secure provisioning of data to client device
Yousif et al. Enhancing approach for information security in hadoop
CA3056814A1 (en) Symmetric cryptographic method and system and applications thereof
US10848312B2 (en) Zero-knowledge architecture between multiple systems
Zhang et al. Two-factor remote authentication protocol with user anonymity based on elliptic curve cryptography
CN110086627B (en) Quantum communication service station key negotiation method and system based on asymmetric key pool pair and time stamp
CN118633260A (en) Method for securely negotiating a symmetric key between two communicating parties

Legal Events

Date Code Title Description
AS Assignment

Owner name: NXP B.V., NETHERLANDS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:PEETERS, MICHAEL;VERSLEGERS, RUDI;WARNEZ, DIMITRI;SIGNING DATES FROM 20150512 TO 20150528;REEL/FRAME:035735/0979

STCF Information on status: patent grant

Free format text: PATENTED CASE

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 4

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 8
